Recent Posts
News•Jan 12, 2026
Web3 Dev Environments Hit by Fake Interview Software Scam
Web3 developers are being targeted by a new inbound scam where attackers pose as legitimate hiring firms on sites like youbuidl.dev. They lure candidates with senior‑level job postings and then require the download of a fake interview or coding‑test application. The software acts as a remote‑access tool, exposing wallets, API keys, and production credentials stored on the developer’s machine. Compromise of a single workstation can lead to theft of personal crypto assets and broader breaches of blockchain infrastructure.
By GBHackers On Security
News•Jan 12, 2026
India Remains Top Target for Mobile Attacks as Threats Surge 38%
India has become the world’s leading target for mobile cyber‑attacks, recording a 38% year‑over‑year surge and now representing 26% of global mobile malware traffic. Zscaler’s ThreatLabz report identified 239 malicious Android apps downloaded 42 million times, with retail and hospitality sectors...
By GBHackers On Security
News•Jan 12, 2026
PoC Released for Atarim Plugin Auth Bypass Vulnerability
A proof‑of‑concept for CVE‑2025‑60188 reveals a critical authentication bypass in the Atarim WordPress plugin. The flaw stems from using the publicly exposed site_id as the HMAC‑SHA256 secret, allowing attackers to forge valid admin requests. Exploit code published by researcher m4sh‑wacker...
By GBHackers On Security
News•Jan 10, 2026
Massive Instagram Data Breach Exposes Personal Details of 17.5 Million Users
A dark‑web marketplace is selling personal data from 17.5 million Instagram accounts, marking one of the largest social‑media breaches to date. Malwarebytes first reported the leak on X, confirming that usernames, email addresses, phone numbers and partial location data are being...
By GBHackers On Security
News•Jan 10, 2026
Cybercriminals Exploit Maduro Arrest News to Spread Backdoor Malware
Cybercriminals are exploiting news of Venezuelan President Nicolás Maduro’s alleged arrest to distribute a backdoor malware via spear‑phishing ZIP attachments. The ZIP contains a weaponized KuGou executable that loads a malicious DLL through DLL search‑order hijacking, creates a hidden Technology360NB...
By GBHackers On Security
News•Jan 9, 2026
Fog Ransomware Targets U.S. Organizations via Compromised VPN Credentials
Arctic Wolf Labs identified a new ransomware variant called Fog targeting U.S. organizations, primarily in education (80%) and recreation (20%) sectors. The attackers gained entry through compromised VPN credentials from two vendors and quickly escalated privileges using pass‑the‑hash, PsExec, and credential‑stuffing...
By GBHackers On Security
News•Jan 9, 2026
XRAT Malware Targets Windows Users via Fake Adult Game
AhnLab Security Intelligence Center uncovered a campaign that disguises the open‑source xRAT (QuasarRAT) remote‑access trojan as a fake adult game on Korean web‑hard services. The ZIP archive contains a Game.exe launcher that first runs a legitimate game stub, then copies...
By GBHackers On Security
News•Jan 9, 2026
50 Best Free Cyber Threat Intelligence Tools – 2026
The article curates a list of the 50 best free cyber‑threat‑intelligence (CTI) tools available in 2026, spanning data‑feeds, analysis platforms, automation frameworks, and IOC‑parsers. It highlights open‑source projects such as MISP, OpenCTI, and IntelMQ, as well as real‑time feeds like...
By GBHackers On Security
News•Jan 9, 2026
The Role of Initial Access Markets in Ransomware Campaigns Targeting Australia and New Zealand
The 2025 Threat Landscape Report shows a sharp rise in initial‑access sales targeting Australia and New Zealand, with 92 documented compromised‑access listings. Retail accounts for roughly one‑third of incidents, while BFSI and professional services together make up over half. The market...
By GBHackers On Security
News•Jan 8, 2026
New DocuSign-Themed Phishing Scam Delivers Stealth Malware to Windows Devices
Researchers have uncovered a sophisticated phishing campaign that impersonates DocuSign to deliver the Vidar information‑stealing malware to Windows computers. The attack uses a look‑alike domain and a fake installer signed with a legitimate Chinese code‑signing certificate to bypass reputation filters....
By GBHackers On Security
News•Jan 8, 2026
React2Shell Vulnerability Hit by 8.1 Million Attack Attempts
The React Server Components “Flight” protocol remote code execution flaw (CVE‑2025‑55182), known as React2Shell, has become the focus of a massive exploitation campaign. GreyNoise has logged over 8.1 million attack sessions, with daily volumes stabilizing at 300‑400 k after a December peak...
By GBHackers On Security
News•Jan 8, 2026
Report: China Breached Email Systems Used by U.S. Congressional Staff
According to a Financial Times investigation, Chinese state‑linked hackers breached email systems used by staff of several influential House committees. The intrusion gave the actors access to legislative drafts, policy discussions and potentially classified briefings. U.S. officials highlighted the vulnerability...
By GBHackers On Security
News•Jan 8, 2026
How Attackers Hide Processes by Abusing Kernel Patch Protection
Researchers disclosed a new Windows rootkit technique that hides malicious processes by using the legitimate PsSetCreateProcessNotifyRoutineEx API to repair ActiveProcessLinks just before the kernel’s PspProcessDelete validation runs. This timing‑based bypass evades both PatchGuard and Hypervisor‑Protected Code Integrity, allowing processes to...
By GBHackers On Security
News•Jan 8, 2026
GitLab Patches Multiple Flaws Allowing Arbitrary Code Execution
GitLab has issued emergency patches—versions 18.7.1, 18.6.3 and 18.5.5—to close seven newly disclosed vulnerabilities affecting self‑managed instances. The flaws include two high‑severity stored and reflected cross‑site scripting bugs, missing authorization checks in AI GraphQL endpoints, and a runner‑removal issue that...
By GBHackers On Security
News•Jan 8, 2026
BlueDelta Hackers Target Microsoft OWA, Google, and Sophos VPN to Steal Credentials
Recorded Future’s Insikt Group uncovered a credential‑harvesting campaign by the Russian‑state backed BlueDelta group throughout 2025. The actors deployed phishing emails with legitimate‑looking PDFs to lure victims into fake Microsoft Outlook Web Access, Google, and Sophos VPN login portals, using...
By GBHackers On Security
News•Jan 8, 2026
Linux Battery Utility Vulnerability Allows Authentication Bypass and System Tampering
A vulnerability in the TLP power‑profiles daemon (version 1.9.0) lets local users bypass Polkit authentication and tamper with system power settings. The flaw stems from using Polkit’s deprecated “unix‑process” subject, creating a PID race condition that grants elevated control without admin...
By GBHackers On Security
News•Jan 8, 2026
OwnCloud Warns Users to Enable MFA After Credential Theft Incident
ownCloud issued an urgent advisory urging users to enable Multi‑Factor Authentication after a credential‑theft incident reported by Hudson Rock. Threat actors stole passwords via infostealer malware such as RedLine, Lumma and Vidar and accessed accounts lacking MFA. The breach did not...
By GBHackers On Security
News•Jan 8, 2026
Global GoBruteforcer Botnet Campaign Threatens 50,000 Linux Servers
The GoBruteforcer botnet is actively compromising more than 50,000 internet‑facing Linux servers by brute‑forcing credentials for FTP, MySQL, PostgreSQL and phpMyAdmin services. Researchers note that AI‑generated deployment examples and legacy stacks like XAMPP have proliferated weak default passwords, expanding the...
By GBHackers On Security
News•Jan 8, 2026
Cybercriminals Exploit VMware ESXi Vulnerabilities Using Zero-Day Toolset
Huntress researchers uncovered a sophisticated campaign that leverages a zero‑day toolkit, MAESTRO, to exploit three critical VMware ESXi vulnerabilities disclosed in VMSA‑2025‑0004. The attack chain begins with stolen Domain Admin credentials used to compromise a SonicWall VPN, followed by lateral...
By GBHackers On Security
News•Jan 7, 2026
Hackers Using Malicious QR Codes for Phishing via HTML Table
Hackers have begun delivering phishing QR codes without images, rendering them as dense HTML tables of colored cells. This “imageless” approach evades traditional image‑analysis scanners that look for bitmap QR patterns. Recipients who scan the codes are directed to credential‑harvesting...
By GBHackers On Security